Some network-based attacks attempt to flood servers with more requests than the servers are able to handle, with the intention of making the content and services hosted by those servers unavailable to legitimate users. A distributed denial of service (DDoS) attack is an example of such an attack.
Distributed platforms have some level of built-in protection against these and other network-based attacks. A distributed platform serves the same content and services from multiple servers operating at different distribution points. If one distribution point server comes under attack, servers from the same and other distribution points can continue to serve the content or services. The distribution points also shield an origin server from attack; the origin server provides the distribution point servers with the content and services of one or more customers for distribution to end users. Content delivery networks (CDNs), cloud hosting providers, and other content or service providers that operate two or more distribution points are examples of distributed platforms.
The distributed platform redundancy is effective for small-scale DDoS attacks. However, the quantity and quality of such attacks are only increasing. Botnets, from which many attacks originate, are growing in size. Attacks involve more machines working in concert to simultaneously attack a target. Moreover, the involved machines have greater resources (e.g., processing power and network bandwidth), thereby allowing each machine to issue more requests and place a greater burden on the target.
Large-scale attacks can degrade distributed platform performance in multiple ways. The attack can spill over from one distributed platform server where the targeted content and services are available to other servers, until the entire distributed platform is overwhelmed. Legitimate users seeking the same content or service from a distributed platform under attack will experience delayed server responses and may even receive no server response when an attack outpaces the ability of the distributed platform servers to respond to the quantity of inbound requests. This is especially problematic for a CDN, whereby each distribution point of the CDN is tasked with delivering the content and services of several different customers. If an attack is launched against a single customer and the attack overwhelms the CDN, then content and service distribution for all CDN customers can be disrupted. In other words, an attack against one distributed platform customer can impact content and service delivery for all distributed platform customers.
Large-scale attacks can also affect origin server performance, which in turn degrades distributed platform performance. Requests for dynamic content or other content that is not or cannot be cached by the distribution point servers of the distributed platform propagate from the distribution point servers to the origin server. Even though the distribution point servers can keep pace with the attacking request load, the origin server may not. Consequently, the origin server is unable to respond to forwarded requests from the distribution point servers, which prevents the distribution point servers from responding to the received requests, including those from legitimate users.
Accordingly, there is a need for distributed platforms to be able to quickly respond to network-based attacks in order to mitigate attack impact across different distribution points of the distributed platform as well as the origin servers sourcing the content and services that are distributed by the distributed platform. More generally, there is a need to prevent an attack from scaling to the point at which it can interrupt the content and service delivery operation of the distributed platform and the origin servers shielded by the distributed platform. To this end, there is a need to not only identify loads across individual servers, but also appreciate how those loads can affect, in the aggregate, the performance of different distribution points, origin servers, and the entire distributed platform. There is a further need to scale protections against network-based attacks in proportion to the scale of the attack on the distributed platform, to ensure continued operation of the distributed platform and origin servers even in the face of increasingly large network-based attacks.